powerpc/cell/OProfile: Fix on-stack array size in activate spu profiling function
authorCarl Love <cel@us.ibm.com>
Wed, 29 Oct 2008 05:06:45 +0000 (05:06 +0000)
committerPaul Mackerras <paulus@samba.org>
Fri, 31 Oct 2008 05:13:51 +0000 (16:13 +1100)
The size of the pm_signal_local array should be equal to the
number of SPUs being configured in the array.  Currently, the
array is of size 4 (NR_PHYS_CTRS) but being indexed by a for
loop from 0 to 7 (NUM_SPUS_PER_NODE).  This could potentially
cause an oops or random memory corruption since the pm_signal_local
array is on the stack.  This fixes it.

Signed-off-by: Carl Love <carll@us.ibm.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
arch/powerpc/oprofile/op_model_cell.c

index 35141a8bc3d94691acdfd2b4833b9bf386f45c60..25a4ec2514a3e0a9fb5bdc61167d2b000740ab70 100644 (file)
@@ -582,6 +582,13 @@ static int cell_reg_setup(struct op_counter_config *ctr,
 
        num_counters = num_ctrs;
 
+       if (unlikely(num_ctrs > NR_PHYS_CTRS)) {
+               printk(KERN_ERR
+                      "%s: Oprofile, number of specified events " \
+                      "exceeds number of physical counters\n",
+                      __func__);
+               return -EIO;
+       }
        pm_regs.group_control = 0;
        pm_regs.debug_bus_control = 0;
 
@@ -830,13 +837,13 @@ static int calculate_lfsr(int n)
 static int pm_rtas_activate_spu_profiling(u32 node)
 {
        int ret, i;
-       struct pm_signal pm_signal_local[NR_PHYS_CTRS];
+       struct pm_signal pm_signal_local[NUM_SPUS_PER_NODE];
 
        /*
         * Set up the rtas call to configure the debug bus to
         * route the SPU PCs.  Setup the pm_signal for each SPU
         */
-       for (i = 0; i < NUM_SPUS_PER_NODE; i++) {
+       for (i = 0; i < ARRAY_SIZE(pm_signal_local); i++) {
                pm_signal_local[i].cpu = node;
                pm_signal_local[i].signal_group = 41;
                /* spu i on word (i/2) */
@@ -848,7 +855,7 @@ static int pm_rtas_activate_spu_profiling(u32 node)
 
        ret = rtas_ibm_cbe_perftools(SUBFUNC_ACTIVATE,
                                     PASSTHRU_ENABLE, pm_signal_local,
-                                    (NUM_SPUS_PER_NODE
+                                    (ARRAY_SIZE(pm_signal_local)
                                      * sizeof(struct pm_signal)));
 
        if (unlikely(ret)) {